Lorenzo Franceschi-Bicchierai, writing for Vice: Ever since NSA leaker Edward Snowden said “use Signal, use Tor,” the end-to-end encrypted chat app has been a favorite of people who care about privacy and need a chat and calling app that is hard to spy on. One of the reasons security experts recommended Signal is because the app’s developers collected — and thus retained — almost no information about its users. This means that, if subpoenaed by law enforcement, Signal would have essentially nothing to turn over. Signal demonstrated this in 2016, when it was subpoenaed by a court in Virginia. But a newly added feature that allows users to recover certain data, such as contacts, profile information, settings, and blocked users, has led some high-profile security experts to criticize the app’s developers and threaten to stop using it.
Signal will store that data on servers the company owns, protected by a PIN that the app has initially been asking users to add, and then forced them to. The purpose of using a PIN is, in the near future, to allow Signal users to be identified by a username, as opposed to their phone number, as Signal founder Moxie Marlinspike explained on Twitter (as we’ve written before, this is a laudable goal; tying Signal to a phone number has its own privacy and security implications). But this also means that unlike in the past, Signal now retains certain user data, something that many cybersecurity and cryptography experts see as too dangerous. Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, said that this was “the wrong decision,” and that forcing users to create a PIN and use this feature would force him to stop using the app.
of this story at Slashdot.
Source:: Slashdot